Just prior to Christmas 2014, the Commodity Futures Trading Commission’s Division of Swap Dealer and Intermediary Oversight issued no-action relief extending the deadline by when chief compliance officer annual reports must be filed with the CFTC by futures commission merchants, swap dealers and major swap participants with fiscal years ending on or before January 31, 2015. At the same time, DSIO published a separate advisory of “best practices” regarding the content of such reports.
Pursuant to CFTC regulations, CCO reports must be filed annually by FCMs, SDs and MSPs ordinarily within 60 days of their fiscal year-end. These reports must contain certain prescribed information (as set forth in CFTC Regulation 3.3(e)), be certified by the CCO or by the company’s chief executive officer and be provided first to the company’s board of directors (BOD) or the senior officer in charge of the FCM, SD or MSP, and subsequently to the CFTC. (Click here for further information on CCO annual reports in the article “It’s 10 PM: FCMs, SDs, MSPs—Do You Know the Status of Your Firm’s 2013 Annual Compliance Report Preparation?” in the September 4, 2013 edition of what is now Between Bridges.)
No-Action Relief—Time Frames to File CCO Annual Reports
In its no-action relief, DSIO staff granted relevant firms whose fiscal year ends on or before January 31, 2015, an extra 30 days—or 90 days in total following their fiscal year-end—to file their CCO annual report.
Moreover, FCMs, SDs and MSPs may have an additional 30 days to file their CCO annual report—or 120 days in total—if, by no later than 90 days following their fiscal year-end, they “inform” DSIO “of any material non-compliance events that occurred during the fiscal year that is the subject of the annual report.” Again, this additional relief is available only to rlevant firms whose fiscal year ends on or before January 31, 2015. There is no guidance regarding the form this advice to DSIO should take, but presumably it should be in writing.
CCO Annual Report Advisory
In its advisory, DSIO provides greater insight into what it expects to be included in CCO annual reports. Although staff states that its recommendations “are not requirements and do not need to be used,” it makes clear that it “expects CCOs to make efforts to incorporate [the] advisory into their current annual report.” Accordingly, to minimize potential issues with CFTC staff, firms should incorporate as many of DSIO’s recommendations as practical into their CCO annual reports.
Among other matters, the advisory appears to suggest that a CCO annual report should include both a summary chart and a more comprehensive narrative “to fully inform the BOD or the senior officer regarding the registrant’s compliance program.”
Staff suggests that a summary chart “may be an appropriate mechanism to convey certain types of information in an efficient and digestible manner.” This information might include (1) identification of regulatory requirements to which the registrant is subject; (2) identification of the firm’s written policy and procedure(s) (WPP) that address the relevant regulatory requirement; (3) a cross-reference to the specific section or page of the relevant WPP; (4) an assessment of the effectiveness of the firm’s WPP to meet the regulatory requirement; and (5) the method used by the firm to assess effectiveness. In its advisory, DSIO provides a sample form of a summary chart.
However, DSIO cautions that a chart alone is not sufficient. The use of a chart to describe WPPs, for example, “should not be a substitute for a meaningful discussion of WPPs that are deemed to be ineffective or needing improvement.”
CCO Annual Report Specific Content Recommendations
In its guidance, DSIO also provides insight regarding its expectations for the content of CCO annual reports in order for registrants to comply with the specific requirements of the applicable regulation. For example, regarding registrants’ requirement:
- to describe its WPPs, and how they are “reasonably designed” to help the firm comply with applicable regulatory requirements, staff suggests there should be two levels of discussion—one to provide an overview “of the registrant’s system or program of WPPs, how they work as a whole, and how the registrant generally puts the WPPs into practice as part of its compliance activities,” and the other to describe specifically each WPP and how it relates to each of the firm’s regulatory requirements;
- to assess the effectiveness of the firm’s WPPs, staff indicates that the evaluation should be on a “requirement by requirement basis” and be conducted by the registrant—and not by external audits or reviews. Moreover, the registrant should disclose the assessment method used to evaluate each requirement and, where there is a conclusion that the WPP is partially or totally ineffective, there should be a discussion of the reasons for the conclusion and the steps taken or contemplated to improve the WPP. Staff expressly notes that this has been an area in CCO annual reports where it has found weaknesses:
A number of reports reviewed by the Division had shortcomings in addressing this regulation. Some reports included a narrative description of the assessment method used by the registrant and provided only a general indication of the effectiveness of all WPPs. No statements regarding the assessment results on a requirement by requirement basis were provided;
- to discuss areas for improvement and recommend potential or prospective changes or enhancements to the firm’s compliance program and resources devoted to compliance, staff recommends that the CCO describe the specific area that needs improvement, and how the improvement will be implemented and in what time frame, and include a cross-reference to the applicable regulation that the improvement will address. Importantly, DSIO cautions that:
[i]f a CCO annual report makes no recommendations for changes or improvements to the compliance program, the Division staff may have questions regarding the robustness of the CCO’s active review of the compliance program;
- to list any material changes to the compliance policies and procedures during the coverage period of the report, staff recommends that the CCO include a “description of the standard of materiality used.” This is an area where DSIO cautions that, although a chart is an “efficient way” to list material changes, “there should be substantive discussions of the material changes.” Although there is no discussion of what staff means by “standard of materiality,” determinations of materiality typically depend on facts and circumstances. Some standards may be derived on a numeric basis (e.g., percentage of capital or segregated funds), others may be based on a perceived harm; this latter category may always be subject to second-guessing, however.
- to describe the financial, managerial operations and staffing resources devoted to compliance including any material deficiencies, DSIO recommends inclusion of the following specific information: (1) total budget allocated for compliance (e.g., personnel, technology, training and travel); (2) total full-time staff; (3) partially allocated staff (including a percentage of how much of the staff’s time is dedicated to compliance matters); (4) management resources (this differs from staff boots on the ground); and (5) “detailed information” regarding infrastructure—by which staff apparently means at least a description of the technology (likely hardware and software) used to support compliance activities (as suggested by their parenthetical reference to “computers” and “technology infrastructure”). Staff also requests that if there was a reduction in compliance staff from the prior period (even involving only one staff member, apparently), a “significant” compliance budget decrease or new “significant” business activities, the CCO annual report should discuss why “allocated resources are not deficient in light of the changes that occurred.” Finally, this section should also describe the CCO and CEO’s education and prior experience “which supports their roles in assessing compliance” with the firm’s regulatory obligations; and
- to describe any material noncompliance issues and corresponding actions taken, DSIO says the CCO annual report should include a description of the “standard” applied in assessing materiality, although, again, there is no guidance regarding what DSIO is looking for in connection with a firm’s determination of a standard. Moreover, the staff indicates that each noncompliance issue should be identified (whether through self-detection or otherwise), along with the relevant regulation and the action taken in response. The discussion should also address (1) how the firm arrived at the “course of remediation” it implemented; (2) how the remediation was executed; (3) any follow-up testing; and (4) “any noteworthy results from such testing.” Finally, the firm should discuss generally how the CCO or compliance department “handles and tracks” noncompliance issues.
For most FCMs, SDs and MSPs, 2015 will mark the second year they have prepared and filed a CCO annual report with the Commission.
Although the staff’s advisory addresses only CCO annual reports of FCMs, SDs and MSPs, CCO’s of derivative clearing organizations, swap data repositories and swap execution facilities should also consider the application of DSIO’s recommendations as relevant. Under Dodd-Frank, the CFTC had the discretion to defer to the National Futures Association to establish requirements for chief compliance officers, including the form and content of any annual report, but determined to impose regulations itself. (Click here to see Wall Street Reform and Consumer Protection Act – Title VII, Sec. 732(d) at page 337).